I just attempted to add Active Directory role based authorization to my MvcCoderouting ApiController (.NET Framework 4.0) by decorating my actions with the [Authorize(Role=@"domain\ADgroup")] attribute.
I am in an Intranet environment (Domain controller/Web Server on Domain) and have checked my web.config for the following:
<authentication mode="Windows" />
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
The Authorize attribute appears to be completely ignored.